Text File | 1997-12-29 | 10KB | 173 lines
=-_.-=-._.- H A C K E R S I N F O R M A T I O N R E P O R T -._.-=-._.-=
Windows telnet daemon (WinTD)
by: Axon
...a word, before i continue...
This is the first article I'm writing on my new palmtop (yes, that's
right...i did it.) After toying around with Asmodian X's Compaq PC
Companion for hours, never finding an end to the intrigue, i gave in,
needing at least a part-time replacement for my laptop. I went with a
Hewlett-Packard 300LX, which still uses the Hitachi SH3 processor and 2
megs of ram like the Compaq, but sacrifices a backlight. We'll see how
it goes. I'm sort of using this text file as a test to see how
fast/accurate my typing is on this keyboard, and to see how long i can go
at it before going crazy...
...on with the show...
Windows telnet daemon, usually known as WinTD, is a great
crippleware program out there, and i've found nothing else of its breed
ever since. Most of you, just by the name, should be getting a picture
in your minds..."allows you to TELNET into a windows machine?!?!?"
Certainly... So what would windows look like if you telnetted in? As it
would come to be, it looks a tad like unix. It uses some popular unix
commands for navigation, and other tasks. It's kind of like getting a
UNIX $ prompt, and using unix commands to navigate a DOS filesystem.
Here are a few commands and their purposes. I do not have them all
memorized, but i know most of them that WinTD recognizes.
ls       list system (dir in DOS)
ps       process. Lists all processes, along with their process id (PID)
cd       change directory. A lot like DOS/UNIX cd. To change drives, use cd x:
rm       remove file (delete/del)
kill     kills a task running on the host. Each task is killed by killing the
         pid number you got using ps
who      shows who all is logged on, what tty, and the PID of their shell
set      allows certain variables to be set.
man      displays user manual entries for commands (i'll get to this later)
suue     encrypts any file with uuencode and pumps it to the terminal (this is
         great for downloading files, hopefully small ones, from the host.)
ruue     starts expecting a uuencoded file to be sent over the terminal to the
         host. Usually one can use copy/paste to upload uuencoded files. I
         will explain this in greater detail later
mkdir    make a directory.
rmdir    remove a directory.
exit     quits the session
exec     Executes a dos command, and places the output to your terminal. (this
         part has BIG problems, but I'll talk about them in a sec)
Winexec  this command executes any command on the host, and displays it on
         host's monitor. It is very powerful, so only root, and maybe 1 or 2
         VERY trusted users should have access to it. I'll discuss it at the
         same time i discuss exec.
passwd   gee. i wonder. Change yer password maybe?
That's about the only ones I ever use, but i know there's more. Some of
the commands don't even look like normal unix commands. Now for the bad
news: if you recall, i said it's a crippleware program. You can use it all
you want without having an obligation to pay, but in order to get the user
manual pages that tell what each command does, and the syntax for them, you
get to pay some ungodly amount of money (less than $100 but if it's more
than 5, it'll probably wipe me out). No, i don't know of anyone who has the
man pages available for download, but if you ever find 'em, e-mail a gzip or
PKzip of 'em, you'll be a lifesaver.
*--Most of you are probably fearing that this article will be like most of
the articles about programs that you might see in some good old 80's e-mag,
or even 2600. The fact is, most writers just assume that readers can find
stuff (actually, many writers for 2600 will tell you where to get certain
things, but some of the newer writers don't...i know it's not Emmanuel's
fault). Don't worry, at the end, i'll tell ya where to get it.--*
So what does WinTD allow you to do? Well, first off, you have to download
it and configure it. You can set what port it services, what the log-on
message is, customize the prompt, and all sorts of other things. Then you
have to add users and define permissions. "Permissions" isn't exactly like
unix. You can just define what commands each user is allowed to execute.
There is a list of all the available commands, and you just highlight the
ones you want (click on them while holding the ctrl key), then add the
commands to the user's box. If you want to make an account for yourself or
a buddy of yours, and don't want it restricted in access, but don't feel
like highlighting all the commands, there is a checkbox saying "root". So
all root is, is someone who can execute all commands.
Now, to answer your question: Why would anyone really want to telnet into
a windows machine? I've found that Wintd is somewhat secure. I've been
messing with it for over a year and still never really been able to hack it
from the outside. One thing it does that i do not particularly care for is that
if you enter an invalid login name, you'll know it's invalid, because it
just asks for a login again, instead of asking for a password. Possible
uses for logging into your own computer remotely would be to download
homework, cool programs, or something else. While I've tested the uue send
and receive features, i'll say they are slow. I would recommend using
WinTD to launch an FTP daemon (which are typically insecure anyways), then
ftping your files down, and killing off the FTP daemon with ps and kill.
You can also see what's going on on your computer this way, with ps. Kill
your screen saver's process, and your screen saver goes away just as if
someone was messing with the mouse. With some other commands, you could
even start the calculator, netscape, a word processor, or whatnot, on your
computer running WinTD, and kill them off if you wish.
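
The login behaviour described above, next to a flow that does not reveal which names exist. This is an added example, not WinTD's code and not from the original article; the account table, the `Login incorrect` message and the function names are constructed for illustration.

```python
import hashlib
import hmac

SALT = b"constructed-salt"          # sample value, not from WinTD

def _digest(password: str) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", password.encode(), SALT, 10_000)

# Constructed account table; the user name and password are made up.
USERS = {"axon": _digest("correct horse")}
DUMMY = _digest("no such account")  # compared against when the name is unknown

def leaky_login(user: str, password: str):
    """Behaviour the article describes: a bad name gets 'login:' again."""
    sent = ["login: "]
    if user not in USERS:
        sent.append("login: ")      # no password prompt: the name is invalid
        return sent, False
    sent.append("Password: ")
    ok = hmac.compare_digest(USERS[user], _digest(password))
    sent.append("$ " if ok else "Login incorrect\r\nlogin: ")
    return sent, ok

def uniform_login(user: str, password: str):
    """Hardened flow: always ask for a password, always do the same work."""
    sent = ["login: ", "Password: "]
    stored = USERS.get(user, DUMMY)
    match = hmac.compare_digest(stored, _digest(password))
    ok = match and user in USERS    # the dummy hash can never log anyone in
    sent.append("$ " if ok else "Login incorrect\r\nlogin: ")
    return sent, ok

if __name__ == "__main__":
    for fn in (leaky_login, uniform_login):
        unknown, _ = fn("nobody", "guess")
        known, _ = fn("axon", "guess")
        # True means the prompts alone tell a valid name from an invalid one.
        print(fn.__name__, "distinguishable:", unknown != known)
```
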
Time to tell you something cool...WinTD has a cool little feature which
allows you to hide it. No one will know it's running unless they pull up
the task manager or hit ctrl/alt/delete. Furthermore, it has the option of
hiding itself upon startup, making it perfect for stealthily keeping an eye
on someone else's system that's hooked up. Granted, this works a lot
better on a system that has a static IP, like library computers hooked up to
the internet, or computer lab systems... Ever downloaded someone's C++
project right from under their nose? =] The imagination is the only limit
on this one.
So how about exec & winexec? Earlier i mentioned some problems with exec.
It does have problems. It will execute any dos command, and when it is
done running, display the output to you. That's it. No more. This means
you really should run only things such as chkdsk (to show you some stats
on the host hard drive), Attrib, dir, and a few others that don't require
any input before relinquishing control back to the command interpreter. If
you are a bonehead and forget this "feature", you may be able to hit ctrl-c
but sometimes that doesn't even work. About the only thing you can do then
is to open another telnet session to it, and, if you didn't crash WinTD,
log-in and kill the process off that you tried to run, kill the process of
your other session, and hope the daemon stays stable. WinTD is not very
predictable when the exec command is brought in. I would recommend
reserving it for root only, or else other accounts could D-o-S (denial of
service) ya.
Winexec, however, has a lot more respect from me. With it, you can, on
the host computer, execute anything it has on its system (and by the way,
windows programs still accept command line arguments. Remember that.)
Simply seeing calc.exe in the directory you're in doesn't mean you can
type "calc" or "calc.exe" and it will run. You must type "winexec calc"
or if it's a batch file or .com file, you need to include the extension as
well.
As far as file transfers with suue/ruue, i don't recommend it unless it's
in a pinch, and it's a small file. It works best if you have a good telnet
client like NetTerm or TeraTerm that supports an ASCII upload feature.
(i like teraterm 'cuz it installs onto a 1.44MB floppy without complaining
about it). All you need to do to send a file is run it through a uuencoder
and do an ascii upload of the uuencoded file. Downloading is fun. You
must start logging the session to a file before telling WinTD to start
sending the uuencoded stream. Then you have to edit the top and bottom of
the log file to get rid of the stuff you typed and the $ prompt at the end
of the file and THEN run it through a uudecoder. Fun stuff. Avoid it
whenever possible. These are two commands i would also not trust the
normal user with.
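
The download clean-up described above, done in code instead of hand-editing the log. This is an added example, not part of the original article; it assumes WinTD frames its output with the standard uuencode `begin`/`end` lines, and the sample log (including the `suue notes.txt` command line) is constructed.

```python
import binascii

PAYLOAD = b"homework notes, constructed sample\n"

def extract_uuencoded(log_text: str):
    """Return (filename, data) for the first uuencoded block in a session log.

    Everything before 'begin <mode> <name>' (typed commands, echoes) and
    everything after 'end' (the trailing prompt) is ignored.
    """
    name, chunks = None, []
    for line in log_text.splitlines():
        if name is None:
            parts = line.split(" ", 2)
            if len(parts) == 3 and parts[0] == "begin" and parts[1].isdigit():
                name = parts[2].strip()
            continue
        if line.strip() == "end":
            return name, b"".join(chunks)
        if line:  # skip blank lines a terminal may have inserted
            # Raises binascii.Error if the capture mangled this line.
            chunks.append(binascii.a2b_uu(line.encode("ascii")))
    raise ValueError("no complete begin/end block in log (capture cut short?)")

def sample_log() -> str:
    # Constructed capture: typed command, uuencoded body, trailing prompt.
    # The suue syntax shown is a guess; the article does not give it.
    body = binascii.b2a_uu(PAYLOAD).decode("ascii").rstrip("\n")
    lines = ["$ suue notes.txt", "begin 644 notes.txt", body, "`", "end", "$ "]
    return "\r\n".join(lines)

if __name__ == "__main__":
    # uuencode is an encoding, not encryption: anyone who can see the
    # telnet session can recover the file exactly as this function does.
    name, data = extract_uuencoded(sample_log())
    print(name, data)
```
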
...now for the good stuff...
WinTD is released by Snappy Software (No affiliations with Play, inc, the
makers of the snappy! video capture kit for the computer). I can't for the
life of me remember what the heck the URL is to their page, but i do
recall that i found WinTD on tucows. Tucows is a great page for anyone
that wants every single internet related utility for windows 3.1/95/NT.
go to http://www.tucows.com and choose any of the primary affiliates and
regular updaters (they'll have TWO check marks by them) I always use the
first california site with 2 check marks next to it. When you arrive at
that site, you must choose Windows 95. Then it gives you a huge table of
TYPES of programs. Look under Server Daemons, and it will be somewhere in
there. If it is not, go back a page or two till you see a search textbox,
and just search for WinTD that way. You'll find it.
Well, that about covers it for WinTD. I'm hoping that this month-delayed
issue of HiR doesn't tick too many people off, and i figured we'd better
have quite a few more articles if we were going to be late. Use your
imaginations with it...and happy/safe hackin'!